1994-07-26 - Re: New Threat on the Horizon: Software Key Escrow

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: hfinney@shell.portal.com (Hal)
Message Hash: 00148b47ab45c9c164dc67df59d0947e123a548a2dca55d4d93f07c1f90d24e2
Message ID: <199407262345.QAA16546@netcom13.netcom.com>
Reply To: <199407262054.NAA00151@jobe.shell.portal.com>
UTC Datetime: 1994-07-26 23:45:58 UTC
Raw Date: Tue, 26 Jul 94 16:45:58 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Tue, 26 Jul 94 16:45:58 PDT
To: hfinney@shell.portal.com (Hal)
Subject: Re: New Threat on the Horizon: Software Key Escrow
In-Reply-To: <199407262054.NAA00151@jobe.shell.portal.com>
Message-ID: <199407262345.QAA16546@netcom13.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Cypherpunks,

Sorry I haven't been able to participate in the thread I started, but
my own post has yet to make it here to "Notcom," and later posts are
dribbling in out of order, without prior context, etc. (I suspect the
problem is at Netcom's end, e.g., refusing mail, and not at Toad's
end.)

Hal Finney wrote:

> used, and the consensus seemed to be that the hooks aren't there.  If you
> want to inter-operate with this software, which will presumably be widely
> available in the future, you will have to join the official certification
> hierarchy.  So long, web of trust.

I think this is happening. I just got a forwarded response from a
Microsoft paralegal, and he confirms that Microsoft is working on
various aspects of key escrow, software key escrow, etc. Mostly, he
says, for export to countries with key escrow (!!). I don't feel at
liberty to post his response here, but I encourage Blanc Weber, who
handled the intermediary exchange, to get permission to do so, or to
just do so on his own authority.

I should also note that the Microsoft legal guy claimed I was "off a
little" (which could be "a lot" if he was being facetious) in my
speculations about Chicago, in '95. We'll see in 1995, I guess. In
any case, getting confirmation that Microsoft is working on key escrow
_at all_ is a simply amazing development, I would say.

(I don't know if they're planning to use the algorithm that Matt Blaze
described, the one from Trusted Information Systems. Others may know.)


> built-in encryption of your choice.  But this will be a big job.  Still,
> maybe the best approach when MSoft comes out with this encryption built-
> in will be to get software out which will bypass it while still using
> the other value-added features like hot links, automatic encryption/
> decryption, etc.  Otherwise they may well succeed in getting a de facto
> standard into place which does not protect individual privacy.

I agree with Hal completely. Everything is pointing to the existence
of a heretofore unknown cooperationg between Microsoft and NIST on a
software key escrow system. The TIS work looks to be the key.

More than this morning, I stand by my speculation that a serious
proposal exists to implement some form of key escrow in software.
This could establish a "de facto standard" faster than anything
connected with Clipper ever could.

Vigilance!

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."




Thread